<?php


include "./includes/config.inc.php";




                                                               $query_settings = "select * from PHPAUCTIONXL_version_2_1 where id='1'";
                             $query_settings2 =  mysql_query ($query_settings);
                                $rafbidpack = mysql_result($query_settings2,0,"rafbidpack");
                                
                                
                                
    $TIME = mktime(date("H")+$SETTINGS['timecorrection'],date("i"),date("s"),date("m"), date("d"),date("Y"));
$NOW = date("YmdHis",$TIME);

       

// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}
/*
// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);

  */
  
    /*
// post back to PayPal system to validate
$header .= "POST /us/cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Host: www.sandbox.paypal.com:80\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('www.sandbox.paypal.com', 80, $errno, $errstr, 30);
 */


// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Host: www.paypal.com:80\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);



// Assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];

   
$items = explode(":", $item_number);

$user_id = $items[1];
$item_type = $items[2];
$item_id = $items[3];
$item_price = $items[5];
     
$bids1 = $item_id;
		
if (!$fp) {
// HTTP ERROR

	StopProcess();
	
} else {
fputs ($fp, $header . $req);
while (!feof($fp)) {
$res = fgets ($fp, 1024);
if (strcmp ($res, "VERIFIED") == 0) {
// check the payment_status is Completed







    
    
// check that txn_id has not been previously processed

		$sql = "SELECT txnid FROM PHPAUCTIONXL_payments WHERE txnid = '$txn_id' AND status = 'Completed'";
		$res = mysql_query($sql) or die(mysql_error());
		if (mysql_num_rows($res) || !$txn_id)
		{
			// Entry present
			StopProcess();
		}
  

   
 $query_title1 = "select email from PHPAUCTIONXL_users where id=1";
                             $query_title2 =  mysql_query ($query_title1);
                                $paypal_email = mysql_result($query_title2,0,"email");
                                
                                     
     // check that receiver_email is your Primary PayPal email
		if ($receiver_email != $paypal_email)
		{
			StopProcess();
		}

// check that payment_amount/payment_currency are correct


                      
if ((0+$payment_amount) <  ($item_price + 0))
		{
					StopProcess();
		}
		
		if ($payment_currency != $currency )
		{
					StopProcess();
		}
            
            
            
                
  
  // process payment

       if ($payment_status != "Completed")
		{

      $query1 = "INSERT INTO PHPAUCTIONXL_payments VALUES";

$query1 .= "(NULL";
$query1 .= ",";
$query1 .= "'$txn_id',";
$query1 .= "'$item_id',";
$query1 .= "'$item_type', ";
$query1 .= "'$item_name',";
$query1 .= "'$item_number',";
$query1 .= "'$payment_amount',";
$query1 .= "'$payment_currency',";
$query1 .= "'$payer_email',";
$query1 .= "'$res',";
$query1 .= "'$payment_status',";
$query1 .= "'$NOW',";
$query1 .= "'$user_id',";
$query1 .= "'0'";
$query1 .= ")";

mysql_query($query1);


   }  
 
$query = "SELECT txnid from PHPAUCTIONXL_payments where txnid='$txn_id'";
$result = mysql_query($query);
$num_auction = mysql_num_rows($result);

 
        



		  if ($payment_status == "Completed" && $num_auction == 1 )
		{       
         
         $query = mysql_fetch_array(mysql_query("SELECT bids_remaining FROM PHPAUCTIONXL_users WHERE id=$user_id"));
     	  
     	$bids3 = $bids1 + $query['bids_remaining'];
     	
     	
     mysql_query("UPDATE PHPAUCTIONXL_users SET bids_remaining=$bids3 WHERE id=$user_id");
 
       
     mysql_query("UPDATE PHPAUCTIONXL_payments SET status = 'Completed' WHERE txnid='$txn_id'");
     mysql_query("UPDATE PHPAUCTIONXL_payments SET date=$NOW WHERE txnid='$txn_id'");
              
}


     	  if ($payment_status == "Completed" && $num_auction == " " )
		{       
         
                   $query1 = "INSERT INTO PHPAUCTIONXL_payments VALUES";

$query1 .= "(NULL";
$query1 .= ",";
$query1 .= "'$txn_id',";
$query1 .= "'$item_id',";
$query1 .= "'$item_type', ";
$query1 .= "'$item_name',";
$query1 .= "'$item_number',";
$query1 .= "'$payment_amount',";
$query1 .= "'$payment_currency',";
$query1 .= "'$payer_email',";
$query1 .= "'$res',";
$query1 .= "'$payment_status',";
$query1 .= "'$NOW',";
$query1 .= "'$user_id',";
$query1 .= "'0'";
$query1 .= ")";

mysql_query($query1);

              
                $query = mysql_fetch_array(mysql_query("SELECT bids_remaining FROM PHPAUCTIONXL_users WHERE id=$user_id"));
     	  
     	$bids3 = $bids1 + $query['bids_remaining'];
     	
     	
     mysql_query("UPDATE PHPAUCTIONXL_users SET bids_remaining=$bids3 WHERE id=$user_id");
              
      
        if ( $rafbidpack == 1 ) { 
                
      
      
                                   $query_settings = "select * from PHPAUCTIONXL_users where id=$user_id";
                             $query_settings2 =  mysql_query ($query_settings);
                                $friend_email1 = mysql_result($query_settings2,0,"email");      
      
 $friend_email1 = $_POST['TPL_email'];
                 
                    
$query99 = "select * from PHPAUCTIONXL_refer_a_friend
         WHERE friend_email='$friend_email1'";
$result99 = mysql_query($query99);
$num_auction99 = mysql_num_rows($result99);

if ( $num_auction99 > 0 ) {



     
$query565 = mysql_fetch_array(mysql_query("SELECT * FROM PHPAUCTIONXL_refer_a_friend WHERE friend_email='$friend_email1'"));
     	  
     	$bids1 = $query565['bids'];
        $referer_id1 = $query565['referer_id'];


$query2323 = mysql_fetch_array(mysql_query("SELECT bids_remaining FROM PHPAUCTIONXL_users WHERE id='$referer_id1'"));
     	  
    $bids2 = $query2323['bids_remaining'];
     	
     
        $bids3 = $bids1 + $bids2;
     
     	
     mysql_query("UPDATE PHPAUCTIONXL_users SET bids_remaining=$bids3 WHERE id=$referer_id1");
            
                  // echo $num_auction99;
              
                              }           
                
                    }
      
      
      
      
      
      
              
}





}
else if (strcmp ($res, "INVALID") == 0) {
// log for manual investigation



}
}
fclose ($fp);
}



    
function StopProcess()
{
	if($fp)
	{
		fclose($fp);
		unset($fp);
	}
	exit;
}



?>

      